Burning Arduino bootloader using PonyProg

I was recently working on a project and ran into the issue of needing to burn the Arduino bootloader onto a pair of blank Atmega168's using PonyProg and the Olimex AVR-PG1 ICSP to Serial adapter. If you find yourself in the same position you need to take careful note of the "fuse bit" settings or you will end up with a chip that burns successfully, but will not accept new sketches uploaded from the Arduino IDE.

The process is really pretty simple once you have it all figured out.

- Step 1: Replace the standard Atmel chip on the Diecimila with your blank chip.
- Step 2: Switch the Diecimila from USB to EXT power.
- Step 3: Connect your adapter to the ICSP port on the Diecimila. (be sure to align Pin 1)
- Step 4: Set the fuse bits in PonyProg to the following and select "Write"



- Step 5: open your Atmega168 bootloader (.hex file) and "Write" it to the chip.

Assuming you do all the above correctly, you should then be able to plug your USB back into the Diecimila, fire up the Arduino IDE and upload your sketches.

**Note: if you run into an issue with PonyProg prompting you to "Abort,Retry,Ignore" you may be running into an issue with the bootloader competing with the Write operation. There is a simple fix - while pushing the reset button on the Diecimila several times, simultaneously hit "Retry" in PonyProg. After a couple tries PonyProg should be able to win the race condition and write to the chip...

GSM Encryption Falls

Financial Times reports that the GSM A5/1 encryption has been cracked at a competition during the 26C3.

The *actual* A5/1 algorithm was initially proprietary and only published to industry members. Over time the cipher was reverse-engineered into a functionally identical algorithm and several flaws were found with both it and the original.

The practical implementation of this weakness relies on two pieces - the first is the actual A5/1 rainbow tables which seem to now be fairly easily computable into a 3TB dataset.The second involves the actual RF hardware necessary to communicate and process calls with the handsets as a clandestine base station.

“The reality is that a practical attack is beyond the capabilities of the vast majority of people” -- James Moran, security director of the GSMA. [link]

If this is the stumbling block to easy exploitation, then projects like OpenBTS, USRP and SDR in general should be getting a lot of traffic right now...

Military Video Feed Hacking

If you haven't been paying attention to the Military Tech. blogs lately you may have missed The Wall Street Journal scoop of insurgents hacking US video feeds from surveillance drones. Unencrypted transmissions in the ROVER system leads to eavesdropping of the video feeds from Predator and Reaper drones.

According to WSJ sources, back in 2008 insurgent laptop(s) were recovered with files containing drone feeds and a commonly obtainable software package called Skygrabber. Mix in some off-the-shelf electronics and you have your own portable ELINT station.

Initially DoD representatives tried to downplay the incident stating that the video feeds did not contain classified information of use to the individuals. A PDF posted to the Full Disclosure mailing list indicated that at least GPS coordinates were contained as Metadata in the video feeds.



(side note: adding in the recent problems the TSA has had with PDF's and it's starting to look like nobody at the defense departments understands this whole "Metadata" thing...)

Plugging in the coordinates from the preceding image you get a location near the border of Nogales Mexico, a popular location for border patrol drone operations. Seems confidential enough to me...

MSFT "COFEE" needs microwaving...

I hardly lifted an eyebrow last month when Crunchgear discovered that Microsofts uber-secret forensic tool COFEE (note the singular "F") was leaked on the P2P sites. Primarily because, from my experience, these situations have been largely over-hyped. This circus has proved no different...

I finally got around to looking closer at this software today and am, once again, shaking my head at the amount of mis-information involved. The application itself appears to be nothing more than a wrapper for many tools which are commonly installed on windows by DEFAULT. Gizmodo gets the "FUD-of-the-week" award for the explanation of arp.exe, nbtstat.exe and net.exe as "super-illegal for the average Joe to use" -- GIVE ME A BREAK!

Bottom line: I was hoping MSFT let loose something exciting with this slip. Sadly though, it looks like the investigators are being left just as far in the dark as they always have. While providing a quick-and-easy method to generate report data, the tool doesn't go much farther beyond what a person could already do on their own with some fancy batch scripting.

PCB Etching at home...

It's been awhile since I've posted anything (hobbies took a back seat to working and family) but I just now got around to reading a great post over at the GetLoFi website on "How We Make Circuit Boards"

They do a great job of showing the process from start to finish and it ends up being 99% similiar to the way I have done it. (and had great success with) I even picked out a couple small improvements that I think will help on my next round of homebuilt PCB's.

Go watch and try it out!